# Insufficient Security Event Logging

- ID: python-insufficient-logging
- Severity: MEDIUM
- CWE: Insufficient Logging (CWE-778)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects security-critical operations (authentication, authorization failures, admin actions) that are performed without audit logging. Without such logs, attacks such as credential stuffing or privilege abuse go undetected, and incident responders have no trail from which to reconstruct what happened.

This rule only triggers on files containing security-critical patterns such as:

- Authentication (login, logout, authenticate, check_password)
- Authorization decorators (@login_required, @permission_required)
- Privilege checks (is_staff, is_superuser, is_admin, has_perm)
- Session management with auth/user/token data

NOTE: This rule only applies to authentication/authorization related code. Not every view needs audit logging; focus on security-critical operations.

## Detection Message

Security-critical operation lacks audit logging

## Remediation

Log authentication attempts (successes and failures) and other security-critical actions with user and IP context, using a level that is easy to alert on. Log identifiers only, never passwords, tokens or session IDs, and treat the username as untrusted input: strip newlines and control characters before logging so an attacker cannot forge log entries (CWE-117). Note that `request.remote_addr` is the address of the immediate peer; behind a reverse proxy, configure the proxy-fix middleware or read the forwarded header from a trusted proxy only.

```python
import logging

from flask import Flask, redirect, request
from flask_login import login_user
from werkzeug.security import check_password_hash

app = Flask(__name__)
# `User` is the application's own model (e.g. a SQLAlchemy model whose
# `password` column holds a werkzeug-generated hash); defined elsewhere.
logger = logging.getLogger('security')


@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    user = User.query.filter_by(username=username).first()
    if user and check_password_hash(user.password, request.form['password']):
        login_user(user)
        # Log who and from where, never the password.
        logger.info("Login success: %s from %s", username, request.remote_addr)
        return redirect('/dashboard')
    # Failures at WARNING so brute-force and credential-stuffing bursts stand out.
    logger.warning("Login failed: %s from %s", username, request.remote_addr)
    return 'Invalid credentials', 401
```

Learn more: https://shoulder.dev/learn/python/cwe-778/insufficient-logging

## Related Rules

- **Avoid console.log when logging library exists** [low]
- **Avoid print() when logging module exists** [low]
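The following is an added example, not code from the rule page or its author. It goes beyond the Flask snippet in the Remediation section by factoring the audit logging into a framework-independent helper: events are emitted as one JSON object per line (easy for a SIEM to parse), user-controlled fields are stripped of control characters to block log forging, and failures go to WARNING so they can be alerted on. The names `audit_event`, `sanitize_for_log`, `attempt_login` and `USERS`, the in-memory user store and the IP addresses are all constructed for illustration.

```python
import hashlib
import hmac
import json
import logging
import re
from typing import Optional

# Control characters (including CR/LF) that would let a user-controlled
# field forge extra log lines (CWE-117). Each is replaced before logging.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def sanitize_for_log(value: object, max_len: int = 128) -> str:
    """Neutralise control characters and cap length so a user-supplied
    field can neither inject log lines nor flood the log."""
    return _CONTROL_CHARS.sub("?", str(value))[:max_len]


class JsonFormatter(logging.Formatter):
    """One JSON object per line; the audit fields ride on `record.audit`."""

    def format(self, record: logging.LogRecord) -> str:
        payload = {
            "ts": self.formatTime(record, "%Y-%m-%dT%H:%M:%S%z"),
            "level": record.levelname,
            "logger": record.name,
            "msg": record.getMessage(),
        }
        payload.update(getattr(record, "audit", {}))
        return json.dumps(payload, sort_keys=True)


def get_security_logger(name: str = "security") -> logging.Logger:
    """Dedicated logger so audit events can be routed separately."""
    logger = logging.getLogger(name)
    if not logger.handlers:
        handler = logging.StreamHandler()
        handler.setFormatter(JsonFormatter())
        logger.addHandler(handler)
        logger.setLevel(logging.INFO)
        logger.propagate = False
    return logger


def audit_event(event: str, outcome: str, *, user: object, ip: object,
                reason: Optional[str] = None,
                logger: Optional[logging.Logger] = None) -> dict:
    """Record a security-relevant event with user and source-IP context.
    Returns the structured record so callers and tests can inspect it."""
    logger = logger or get_security_logger()
    record = {
        "event": event,        # e.g. "login", "password_change", "role_grant"
        "outcome": outcome,    # "success" or "failure"
        "user": sanitize_for_log(user),
        "ip": sanitize_for_log(ip),
    }
    if reason:
        record["reason"] = sanitize_for_log(reason)
    level = logging.INFO if outcome == "success" else logging.WARNING
    logger.log(level, "%s %s", event, outcome, extra={"audit": record})
    return record


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed in-memory user store (hypothetical): username -> (salt, hash).
_SALT = b"constructed-static-salt"
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}


def attempt_login(username: str, password: str, ip: str, users=USERS) -> bool:
    """Hypothetical login path. Every branch is audited; the failure reason
    is recorded internally only, the caller returns a uniform error."""
    entry = users.get(username)
    if entry is None:
        audit_event("login", "failure", user=username, ip=ip, reason="unknown_user")
        return False
    salt, expected = entry
    if hmac.compare_digest(_hash_password(password, salt), expected):
        audit_event("login", "success", user=username, ip=ip)
        return True
    audit_event("login", "failure", user=username, ip=ip, reason="bad_password")
    return False


if __name__ == "__main__":
    attempt_login("alice", "correct horse", "203.0.113.5")
    attempt_login("alice", "wrong", "203.0.113.5")
    # A username carrying CR/LF cannot start a forged log line.
    attempt_login("mallory\r\nlevel=INFO login success", "x", "203.0.113.7")
```

In a Flask or Django view the same `audit_event` call replaces the ad-hoc `logger.info(f"...")`, with `request.remote_addr` (or the trusted forwarded address) passed as `ip`; because the record is structured, a detection rule can count `outcome == "failure"` per `ip` or per `user` over a window without parsing free text.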